Skip to main content

Fastjson

1 CVEs product

Monthly

CVE-2022-25845 Maven CRITICAL POC PATCH THREAT Act Now

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Fastjson Communications Cloud Native Core Unified Data Repository
NVD GitHub
CVSS 3.1
9.8
EPSS
17.8%
EPSS 18% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Fastjson Communications Cloud Native Core Unified Data Repository
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy